A NOTE TO PYTHON DEVELOPERS All of the Zuora Python libraries I've seen, that use the SOAP API, are based on a single module: 'suds'. This module has been dead for almost 7 years and it relies on urllib2 but the suds developers never thought to build in a way for you to specify what SSL version you want to use. For example, in Python 2.7.9+, you can do something like: import ssl import urllib2
context = ssl . SSLContext ( ssl . ssl.PROTOCOL_SSLv23 )
urllib2 . urlopen ( 'https://example.com' , context = context ).close() Doing something like the above would require modification of the suds module which looks like is my only option until the REST API becomes useful. Python 2.7.8 and earlier is more complicated as you would have to ssl.wrap_socket() but I won't go into details there as you probably should have upgraded by now anyway. For more information on the SSL implimentation of Python, please visit https://docs.python.org/2/library/ssl.html#security-considerations
... View more
@scottb, Thank you for the response. > There's already some active discussion in our Community forum on this issue including commentary on Python support for TLS 1.1 and higher Yes, Python does support TLS 1.1 and better BUT the problem is that the suds module is old and is using urllib2 without giving an interface to allow the user to select a higher SSL method. Using urllib3, one can create a request and pass in the context=ssl.SSLContext(ssl.PROTOCOL_SSLv23) (after importing 'ssl' of course). But with suds not being maintained nor updated in a number of years, one would need to re-write a Zuora client that uses a different SOAP client like Zeep. However, it would be really really really handy to simply use the REST interface but that has 10%, or less, of the same functionality offered by the SOAP API. > It's been my experience that the actual error received by the end user varries somewhat on the code producting it, with the most common error being something akin to "handshake error" While I understand this, that is not applicable in this instance. I showed you that there is no lack of agreement in the SSL handshake, I showed you that the connection is being reset. The error I received about the "connection reset by peer" is correct because the peer terminated the connection without any attempt at a negotiation.
... View more